Best Practices for Handling the Loop Operator’s 100-Item Limitation in Workflows

Hello everyone,

I’m working on a workflow in SailPoint Identity Security Cloud (ISC) and have run into the 100-item limitation of the Loop operator. My use case involves processing a list of items (identities, access items) that often exceeds 100—sometimes reaching 900 or more. According to the documentation, the Loop operator’s input array is capped at 100 items, and any excess causes the workflow to either fail or skip processing beyond that limit.
Loop Doc: https://documentation.sailpoint.com/saas/help/workflows/workflow-operators.html#loop

I’d love to hear how others in the community have approached this limitation. Specifically:

What strategies or workarounds have you used to handle lists >100 items in a workflow?

Any best practices for keeping this efficient and maintainable?

Hi @amishra25!

Welcome to the community! :tada:

Could you please share the exact use case? In most situations where workflows have limitations, we can use scripting, like PowerShell, to achieve the desired outcome. However, these tasks typically require manual intervention.

Thanks

Use a Python or PowerShell script if the frequency of processing is once a week or so.

The use case here is, for example, based on an attribute change that we are populating, for example lifecycle state: we need to trigger a workflow that should get all identities and remove all the access the user has.

Now the user here can have more than 100 access profiles tagged to it.

Hello @sameer1308

The following might help in resolving your query

Thanks

I have used certification to handle this process in Workflow and avoided the loop limitation. Below is the approach I have used.

  • Trigger: LCS attribute change to a specific state
  • Operator: Get Current Timestamp. To update the cert campaign deadline.
  • Action: Get Identity. To get the leaver identity details.
  • Action: Create a Campaign. Create a search-based certification campaign to list all access items of an identity.
    Created an Exclusion Filter type to skip a few access items from the removal process.
    Added the filter to the campaign.
  • Wait action to wait for some time until the campaign gets created
  • Action: Activate the cert campaign. Enabled error handling to handle the auto-closed campaign error when access items do not exist.
  • Action: HTTP Request. To update the campaign deadline with the current date.
  • Action: HTTP Request. Auto-complete the campaign by setting autoCompleteAction = REVOKE
  • Operator: End Steps - Success

Thanks everyone for the feedback and suggestions so far! I really appreciate the ideas around removing access and other specific use cases. To clarify, my original question was a bit more general: I was hoping to hear from anyone who has tackled the Loop operator’s 100-item limitation in a workflow and could share a sample approach if they’ve successfully implemented it.

Hi Ajeet,

There is a great article on recursive workflows in Identity Security Cloud: Recursive Workflows in IdentityNow

In your case, if it’s looking at multiple identities, you can probably look at the asynchronous recursion. Try downloading the examples in this document and play around with them for your use case.

Thanks,
Margo
